Options, Opinions, Suggestions on GFI config...
Options, Opinions, Suggestions on GFI config... - 25.Mar.2008 11:37:36 AM
Ytsejamer1
Posts: 136
Joined: 7.Mar.2006
Hello everyone,

What I'm requesting by starting this thread is perhaps some better configuration ideas or suggestions in regards to tuning GFI ME to get the best spam blocking happening with as few false positives as possible. I think that's always a goal for everyone, but I'm kind of running into a roadblock here with certain situations.

I work for an education-related company, so we get lots of emails from the DOEs, colleges, schools, etc. We have added all of their mail domains to our email/domain whitelist. This was great up until spammers started using those people's mail domains in the From section...all nasty viagra, enhancement, and other spam was walking right in. I have countered that by putting the keyword checking module ahead of that whitelist. I'm sure my order doesn't make sense or isn't as optimal as perhaps most of yours, but it does seem to work best for us. I was able to catch about 98% of what was making it through to my users' mailboxes by moving keyword ahead of whitelist.

Here's my GFI info, module order, and other info.

Mail gateway runs GFI Mail Security (latest build) and GFI Mail Essentials (latest build) running Windows 2003 SP1 and all other updates, before passing email to our Exchange 2003 SP2 system bridgeheads.

ME Module Order:

1. Directory Harvesting (catches about 75% of our spam)
2. IP Whitelist
3. Keyword Whitelist (due to our travel coordinators)
4. Keyword Checking (catches about 15% of our spam)
5. Email/Domain Whitelist
6. SPF
7. Custom Blacklist
8. Bayesian Analysis
9. Spam URI Realtime Blocklists
10. DNS blacklists
11. Header checking
12. Phishing URL blacklist

*Note: We modified the strings.xml to tag the email before forwarding to our spam-catching mailbox. This allows our mail archiving system to detect anything with those tags and put it in a special archive folder that gets purged every three to four months.

What I'm finding now is that a few of our dept heads are upset that potential sales/leads/important contact emails are being caught by the spam filters and being tossed into our spam archive...there's no way to report that any email has landed in the spam archive. Users would have to be in contact with someone on the other end asking us if we've received the email...then go searching for it. Not the best way to do it, but the tradeoff is somewhat worth it.

We have our domain blacklisted aside from a few important addresses like "sales@biz.corp", which are whitelisted in with checking "MIME To:". However, our keyword checker is still above even that...so it's still possible that those couple of important addresses in the whitelist may still be blocked.

Can anyone think of a better way to handle this type of thing? I almost wish there was a primary email whitelist module that could be separate from the regular one to allow better flexibility for whitelisting. Certain email addresses coming in are more important than Joe-Schmo, who may have had his softball schedule blocked...which he can just go looking for via our archive search tool.
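The ordering tradeoff described in the post above, as an added example that is not part of the original post and does not reproduce GFI's engine. It assumes modules run in order and the first verdict wins; `priority_whitelist`, the `.example` domains and all sample messages are constructed for illustration.

```python
# Constructed model of order-dependent filter modules; not GFI's engine.
# Assumption: modules run in order and the first module returning a verdict wins.

WHITELISTED_DOMAINS = {"college.example"}  # constructed stand-in for a whitelisted school domain
IMPORTANT_TO = {"sales@biz.corp"}          # address named in the post
KEYWORDS = {"viagra", "enhancement"}       # spam terms named in the post

def keyword_check(msg):
    return "block" if KEYWORDS & set(msg["subject"].lower().split()) else None

def domain_whitelist(msg):
    # Trusts the From header as-is, which is why a forged sender domain is allowed.
    domain = msg["from"].rsplit("@", 1)[-1].lower()
    return "allow" if domain in WHITELISTED_DOMAINS else None

def priority_whitelist(msg):
    # Hypothetical "primary whitelist" keyed on the To address, as wished for in the post.
    return "allow" if msg["to"].lower() in IMPORTANT_TO else None

ORDERS = {
    "whitelist_first": [domain_whitelist, keyword_check],
    "keyword_first": [keyword_check, domain_whitelist],
    "priority_then_keyword": [priority_whitelist, keyword_check, domain_whitelist],
}

MESSAGES = {  # constructed samples
    "forged_school_spam": {"from": "registrar@college.example", "to": "staff@biz.corp",
                           "subject": "cheap viagra today"},
    "real_school_mail": {"from": "registrar@college.example", "to": "staff@biz.corp",
                         "subject": "spring enrollment schedule"},
    "sales_lead": {"from": "buyer@customer.example", "to": "sales@biz.corp",
                   "subject": "quote for performance enhancement training"},
    "spam_to_sales": {"from": "promo@bulk.example", "to": "sales@biz.corp",
                      "subject": "viagra discount"},
}

def evaluate(order, msg):
    for module in order:
        verdict = module(msg)
        if verdict:
            return verdict
    return "continue"  # no verdict from these modules; later modules would decide

def run(order_name):
    return {name: evaluate(ORDERS[order_name], m) for name, m in MESSAGES.items()}

if __name__ == "__main__":
    for name in ORDERS:
        print(name, run(name))
```

In this model the priority whitelist rescues the sales lead but also allows keyword spam addressed to sales@biz.corp, so it trades one kind of error for the other.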